**Where did my pictures go? **

[Cruizin]

By now, some of you have noticed that old i m g u r and p h o t o b u c k e t pics are now blocked and gone. I have gotten a few pm's about this wondering wtf.
 
I have converted this entire forum to SSL protection so that your Data is safe. This protects your email, password and activity on the forum so that hackers and marketing companies cannnot capture it, and sell it and put you at risk of being leaked. Alot of forums are too cheap or lazy to do this, and last year a large motorcycle forum company had 48 million members emails, passwords and data hacked and leaked to the public.
 
What is the danger of having usernames/passwords/email addresses hacked ? The danger is that 30% of you use the same damn password on every site that you visit. So many people do this, including their shopping and banking websites. Those are the people that a website admin needs to try and protect as much as possible.
 
Ten years ago, most all websites were still http with no protection.. But consider this. I am one of those millions whose personal data was leaked last year, from a forum that I joined 8 years ago!
 
Many of these other "forums" look safe and large, but their backend is full of holes. Those forums that run on Vbulletin software, they are seriously at risk. Vbulletin requires almost weekly security updates on the server side in order to keep the security holes plugged. And believe me, most of these forum admins are not keeping up with this weekly task.
 
 
OK, so tell us why the old pics are gone? I like a clean shop and a clean code in my websites. Many of you probably have very clean and organized shops, right? I do, and I like a clean website console with not many server or even browser errors.
 
Having an HTTPS domain https://fj-09.org/ , but then serving non ssl http image links across that server is unclean, untidy, causes console warnings, Google doesn't like it, some antivirus programs will trigger warnings because of it. Most forum admins don't care. Well, Im not one of those admins. Having http images on a https website is like wearing the very best $1000 helmet and wearing shorts and flip flops at the same time.
 
Edward Snowden let the cat out of the bag about the NSA and it's contractors ability to manipulate http image pics to trick and hack unsuspecting people who click those pic links.
 
It may be a rare occurance now, in 2017, but more commonplace that even most IT DEV's realize. Google is now recommending that website admins not onlu go 100% Http, but also that we eliminate all HTTP image links from our networks. Google knows what's up, even more they know what is about to happen.
 
So while the odds of a hacker manipulating old http pic links and hacking users from our forum, today, in 2017. Im concerned wit how common place it will be in a year, two years, five years from now.
 
I simply do not want to be the website admin that gets hacked, and Im taking no chances here.
 
We will still be a forum ten years from now. And my #1 intention is to be the best protected bike forum on the internet, period. Im betting that this practice also grows the forum membership.
 
So, Im sorry that your http pic links are now blocked. But your activity and data is encrypted on this forum. This will become more and more important to you in the coming years.
 
And remember, never ever login, join or enter any info on a website whose browser address begins with HTTP. There are also many things on the back end that need to happen for a website to be protected.
 
But if a website isn't HTTPS by now in 2017, I would not trust that website to have their backend code in order.
 
 
 
 

[nsmiller]

Thanks for keeping our data safe!

[Cruizin]

Thanks for keeping our data safe!

 
Thank you for understanding!

[carey]

Thanks for doing this. It makes me wonder how many of the other forums I joined makes me vulnerable.

[root]

Thank you @Cruizin
 
With congress passing the law that ISPs can now sell your private browsing history to whoever they choose without informing you, https at least limits what they can see to only the domain name. I think it's time the IT community figures out a solution to encrypt DNS lookups everywhere as well so they can't even see that. It's shocking how few people realize what they give up when they give up their privacy.
 

[Cruizin]

Thank you @cruizin  
With congress passing the law that ISPs can now sell your private browsing history to whoever they choose without informing you, https at least limits what they can see to only the domain name. I think it's time the IT community figures out a solution to encrypt DNS lookups everywhere as well so they can't even see that. It's shocking how few people realize what they give up when they give up their privacy.

I am an old school IT guy, with an entrenched pessimistic approach to security. I frustrate my family like crazy... but only I know what's good for them  . It is amazing indeed how much people take privacy and security for granted. It's all we really have.

 
I wrote my congressman a scathing email last night about the vote yesterday. Im sure his assistant will laugh when they read it and send me a canned response someday.
 
All our privacy? gone. Our internet providers can now legally spy on us, sell all of our internet activities to marketing companies, who then can sell it to the highest bidder.
 
Apply for a job? Our employers can now buy our internet history, without even asking us.
 

[Cruizin]

Thanks for doing this. It makes me wonder how many of the other forums I joined makes me vulnerable.

 
Well, since you asked. Warning, brace yourself http://www.zdnet.com/article/hacker-steals-45-million-accounts-from-hundreds-of-verticalscope-car-tech-sports-forums/
 
 

[owle]

As a non techie type person i have learn't something from this post, Thanks.

[bobaintstoppin]

Thank you Cruizin for looking out for our security.  For any of you needing to change photo hosts, I'd like to put in a plug for Smugmug.  It costs $40 per year, but has good service and is highly regarded.  I confirmed that my pics are still showing.

[Cruizin]

Thank you Cruizin for looking out for our security.  For any of you needing to change photo hosts, I'd like to put in a plug for Smugmug.  It costs $40 per year, but has good service and is highly regarded.  I confirmed that my pics are still showing.

 
I agree about smugmug. Been using them for years and the owner of Smugmug also owns adv rider forums and is a long time rider and a really good guy. Great company !

[joeszup]

Hey, thanks for all the work you put into this. As an Oracle DBA I'm usually securing the back end of things, so I understand about securing the front end as well.

[clint]

Great idea and thanks for all you do cruizin! One nitpic, you might not know that this board is actually still loading insecure "http" images.
http-somefotobuketsite/albums/aa250/WORMOPOLIS/quotation-marks2-1.png
http-somefotobuketsite/albums/aa250/WORMOPOLIS/quotation-marks2-1.png
 
Yep, the quotation marks on this site are loading via http.
 
Mixed Content
The site includes HTTP resources.
View requests in Network Panel

[Cruizin]

Great idea and thanks for all you do cruizin! One nitpic, you might not know that this board is actually still loading insecure "http" images. http-somefotobuketsite/albums/aa250/WORMOPOLIS/quotation-marks2-1.png
http-somefotobuketsite/albums/aa250/WORMOPOLIS/quotation-marks2-1.png
 
Yep, the quotation marks on this site are loading via http.
 
Mixed Content
The site includes HTTP resources.
View requests in Network Panel

 
Oh yeah, I know about them and am working on it. its a long list of stuff that Im working on.
 

[rojo]

New guy here, thanks for the work you're putting in! Also helps me understand why I'm not seeing so many pictures. I thought it was me.

[steveb]

Thanks for all of your work Cruizin!
 
I just finished reloading all (I think) of my previous pics! I'll be using the updated method from here on.